Serendipity – Entries for December 2006

The Serendipity Team is proud to release the Serendipity Weblog version 1.1 to the public.

This new version is aimed at feature enhancement and stability consolidation. The most important change is the overhaul of the media database, which vastly enhances the already obvious superiority of Serendipity's media management. In detail, this means that you can now store and customize meta properties easily: store descriptions, EXIF tags and keywords which you can later see and search in your database. You can also now assign detailed privileges for each directory of the media database, and the output is now completely templated. Yes, that means you can customize and style your very own media database, in both the backend and the frontend.

The other important change is more granular plugin permission management. You can enable/disable certain markup-plugins on a per-entry basis, and allow/forbid specific usergroups to access certain plugins.

Another visually apparent change is the overhaul of the plugin manager. You can now drag'n'drop to order and move your plugins around. Together with the ability of templates to specify the number and names of sidebars, you have virtually unlimited flexibility for plugin management!

Templating has also been upgraded extensively: themes can now specify custom "options". A theme could allow you to choose navigation links, color sets and much more. Explore the possibilities! Many themes by Carl Galloway and other great designers from our forums have already used that feature to provide you with many cool options!

For the developers among us, it might be of interest to note that Serendipity now also makes it easy to plug in a custom template engine. Tired of Smarty? You can also use a plain old PHP template emulation or even an XSLT transformation layer (read more on this topic here).

Of course we have not only focused on adding features, but also fixed some minor bugs and glitches, made a high-impact optimization to a central SQL query, and added smaller improvements. In total we have 29 feature improvements, 24 bugfixes and 21 usability/technical improvements. For detailed reports, read either our NEWS file or the past 1.1-beta announcements here and there.

As you might have noticed, our server went away this week, but is now up and running again. This had effects on our Serendipity 1.1 release cycle. 1.1 was scheduled for this week, but could not be released. Now I'm out of time because of upcoming Christmas, so expect the new Serendipity version in the last week of this year. :-)

Chris just called to inform me that the server has been repaired and all services should be back to normal. I am writing this with my cellphone because I'm on the autobahn, driving home to Berlin. So I'll keep this short!

For those of you who haven't seen the s9y.org main site since yesterday, we had a hardware failure in the server that was running the s9y.org wiki. Most likely the power adapter stopped working, a new one is on the way and will hopefully be installed tomorrow. If it doesn't, I will start setting up a "read only" interim site with backup data, because it's not very likely that Santa is going to install a new power adapter, so it could take a while until the original server is back in place. But don't forget, it's "only" the Wiki and the board that are down. The other parts of the s9y.org run on different servers, so you can still use:

Thanks go out to these people, who have offered to donate server power to the s9y.org project (If you're one of them and haven't heard from me: Don't hate, I have happily read your email and will reply as soon as I can):

UPDATE: It turned out the defective part was the CPU fan, a new one is on its way and will be installed tomorrow, Friday 22nd 2006 - what a nice birthday present for me ;-) Also, I have received a lot of emails from people/companies offering backup server sponsorships, I'll let you know when the talks have finished and a decision has been made.

The nice folks of AOE media GmbH offered to sponsor the s9y project with another dedicated server, which arrived today. I spent the day installing the base system, setting up MySQL replication through a VPN between the two servers, and stuff like that. So for those of you who noticed a downtime today, it was a planned one (and also un-announced ;-), that I used to copy a snapshot of the s9y.org and supersized.org databases over to the new server. I hope it didn't cause too much trouble for you, but this made future work/load-distribution over the servers a lot easier. All the s9y.org-webserver-responsiveness-jazz of the last months should ease up a little over the next few months. Finally ;)

This new Serendipity release addresses a local file inclusion security issue discovered yesterday. It was possible to pass a special parameter to a Serendipity file to make it include a file from your own web tree (or any other file the webserver has read access to). If used on clear-text files, this could disclose information such as the Apache log files of your website.

This error can only happen in a scenario with two prerequisites: register_globals needs to be turned on in your PHP configuration AND your webserver must ignore the default Serendipity .htaccess file. This .htaccess file usually prevents Serendipity's include files from being called directly via HTTP. Thus we feel that only a very low percentage of installations should be affected by this bug.

However, Serendipity 1.0.4 is a recommended upgrade for everyone taking security responsibly, like we do. We are thankful to the community for inspecting Serendipity, searching for bugs and security issues and reporting them to us. In this case, many thanks to Majestic from the forums for notifying us.

Most of the plugins (both bundled and available via Spartacus) were also upgraded to avoid that bug, so you should upgrade all of your active plugins to the recent versions as well.

The Serendipity 1.1 release tree was also modified with a patch for this issue. It will be contained in today's snapshot and in the 1.1-beta6 release file. The easy steps to perform an upgrade are documented in our FAQ on http://www.s9y.org/.
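
To check whether an installation meets both prerequisites named in the 1.0.4 announcement above, the following added example (not part of the original post and not Serendipity code) audits a php.ini for register_globals and scans an access log for include files that were served rather than denied. The `.inc.php` suffix, the `/include/example.inc.php` path and all sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample data (not taken from any real installation).
SAMPLE_PHP_INI = """\
; constructed php.ini fragment
register_globals = On
display_errors = Off
"""
SAMPLE_LOG = """\
192.0.2.10 - - [20/Dec/2006:10:01:02 +0100] "GET /index.php HTTP/1.1" 200 5120
192.0.2.11 - - [20/Dec/2006:10:02:13 +0100] "GET /include/example.inc.php HTTP/1.1" 403 210
192.0.2.12 - - [20/Dec/2006:10:03:44 +0100] "GET /include/example.inc.php?x=1 HTTP/1.1" 200 98
"""

# Request path and status code from a common/combined-format log line.
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def register_globals_on(ini_text):
    """Prerequisite 1: the last register_globals setting in php.ini is enabled."""
    enabled = False  # treated as off when the directive is absent
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop php.ini comments
        m = re.match(r"register_globals\s*=\s*(\S+)", line, re.I)
        if m:
            enabled = m.group(1).strip('"').lower() in ("on", "1", "true", "yes")
    return enabled


def direct_include_hits(log_text, suffix=".inc.php"):
    """Prerequisite 2: include files answered over HTTP, so .htaccess is not enforced."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        path = m.group(1).split("?", 1)[0]  # ignore the query string
        status = int(m.group(2))
        if path.lower().endswith(suffix) and status not in (403, 404):
            hits.append((path, status))
    return hits


def exposed(ini_text, log_text):
    """The announcement requires both conditions to hold at once."""
    return register_globals_on(ini_text) and bool(direct_include_hits(log_text))


if __name__ == "__main__":
    print("register_globals on:", register_globals_on(SAMPLE_PHP_INI))
    print("include files served directly:", direct_include_hits(SAMPLE_LOG))
    print("both prerequisites met:", exposed(SAMPLE_PHP_INI, SAMPLE_LOG))
```

A 403 on every include-file request shows the .htaccess protection is active; any other answer means the webserver is ignoring it and the upgrade should not be delayed.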